We use cookies to deliver our online services. Details of the cookies we use and instructions on how to disable them are set out in our Cookies Policy. By using this website you agree to our use of cookies. To close this message click close.

Emily Schriver

On August 14, 2012, the Defense Contract Audit Agency (DCAA) released audit guidance, along with an adjustment to the DCAA Contracts Audit Manual (CAM), that directs auditors to increase requests for contractors’ internal audit records and work papers.[1]

Perhaps most concerning is the updated CAM 4-202. In addition to other requirements, it now states that the newly-established POC must:

obtain from the contractor, and subsequently review, a semi-annual summary of all internal audits, which provides enough detail to determine whether any internal audit is relevant to a DCAA audit; and

send a request to the contractor for reports and/or working papers considered pertinent by the auditors, and provide the auditors copies of the information obtained from the contractor.

If contractors deny access to internal audit reports or working papers, the CAC or FAO manager can follow DCAA’s Access to Records procedures, set forth in CAM 1-504.

Similarly, the current Senate version of the National Defense Authorization Act (NDAA) for Fiscal Year 2013 includes a section that would allow DCAA to access internal audits and supporting documents “for the purpose of assessing risk and evaluating the efficacy of contractor internal controls and the reliability of associated business systems.” [3] It requires that DoD draft guidance on access to internal audits and supporting materials. This version of the bill has been placed on the Senate calendar for a vote.[4]

The proposed NDAA also states that a contractor’s failure to provide access to internal audits and related documents can serve as a basis for deeming any related contractor business systems inadequate. This language would effectively block the Federal Circuit’s holding that contractors may deny access to internal audits when DCAA exceeds its audit authority.[5]

Neither DCAA nor the Senate bill addresses what DoD will consider an “internal audit.” Contractors may have to assist auditors in determining what constitutes an internal audit within their organization. And, unless Section 843 of the NDAA passes, a contractor still has a legal basis in Newport News to resist access to internal audits when it believes DCAA has overstepped its audit authority.

[2] Major contractors are those with over $100-million in auditable dollar volume. For non-major contractors, the guidance notes that internal audit information is still useful and the CAM states that access to information from non-major contractors may be requested “when warranted.”